A somewhat quiet pre holiday week here at Paranoia Central. Confidentially, I have heard tell of some guy who is gonna be breaking into houses via the chimney next week, so I’ll be sitting with my shotgun by the fireplace waiting. He’ll have to pry my milk and cookies out of my cold, dead hands. (I really like cookies.)
Actually Important Stuff
H5N1 flu - still no need for panic, but worth keeping an eye on, especially given who’s going to be in charge of things should the (bird) shit hit the fan.
Holy crap, WTF - the Speaker of the House doesn’t need to be an elected Congressperson??? - Wow - I never learned this in Civics class! It is becoming more and more obvious to me that we really should have subjected the US Constitution to a “Red Team” exercise a looooong time ago as it was clearly written by people who never considered the possibility of things turning out the way they have. And the Bad Guys are planning to take advantage of that - bigly.
InfoSec/Scam Stuff
I’d like to thank the Academy - Security firm Avast has announced its awards for the “best” phishing emails of 2024. The depressing part of this is how similar the winning subject lines look to what I would have expected to see in 2023. Or 2022. Or 2021. Or 2008. You get the idea.
Security theater? - At first glance, the proposed US ban of WiFi routers made by TP-Link seems to fall into the categories of trade protectionism and security theater for the most part. However, questions around the amount of control China’s government has over the company do remain, especially given the huge market share they hold in the US market. Having access to backdoors in millions of home and business internet routers is a valuable asset for a hostile power, especially in the event of escalation of the current conflict between the US and the China/Russia axis. Another side effect of outsourcing all of our tech manufacturing to a hostile state, who by the way is setting up secret police stations in NYC. (Although on the other hand, given all of the recent corruption in the NYPD, having access to a competing police force might not be all bad).
Don’t sign on this dotted line - Be wary of unexpected emails from DocuSign - attackers have been using the document signing service as a pretty effective lure to get people to click on malicious, malware-laden, credential-stealing links. I think we will see an uptick in this over the next couple of weeks, as security folks are on vacation and business folks may be expecting year-end contract renewals and the like.
And don’t make an appointment with malware, either - Yeah, the bad guys are using Google Calendar invites to get you to click on bad links as well.
I guess they gotta do something - The Consumer Financial Protection Board is targeting Zelle and some of its participating banks over the payment platform’s alleged failure to take steps to protect users from fraud. This is a bit of a head scratcher to me - I recently used Zelle to make some payments and the number of “are you SURE you are not being scammed” prompts was borderline annoying. I am not sure that this is how to effectively fight fraud - maybe going after the actual fraudsters and educating people on how to recognize and avoid scams would be a better idea.
Get with the (passkey) program - Passwords (even with multi-factor authentication) are way past their sell-by date - bad guys have found effective ways to get past them, as evidenced by the continuing torrent of credential-theft-related breaches and attacks. Microsoft is working to make passkeys the default, and while they are sometimes a bit rough around the edges when it comes to user experience, they do provide phishing- and credential-theft-resistant protection for your online life. Google, Microsoft, Amazon, Apple, and Samsung are all supporting passkeys now - and I recommend you start moving your credentials for important accounts over to them.
Fun Stuff
I would suggest not annoying the Governor of Akita, Japan - Just saying. Also, if you are a bear, I’d steer clear of the prefecture.
Might I suggest Krampus instead - Apparently, science says that feeding your kids the “he knows if you are bad or good so be good for goodness sake” Santa related propaganda just doesn’t work. If I had kids, I’d be using Krampus or the Icelandic Yule Cat to scare them into good behavior instead.
New Year’s Eve around the World - The main thing I learned during my world travels in the before times was that people in different places have the audacity to pretend that it is a different time in their city than in Noo Yawk! The nerve! Well, if you want to see when these ignorant, benighted, (and worst yet) un-American people celebrate what THEY think to be the turn of the year, here’s the place to look. I for one will be doing the most NYE thing I can think of - flipping between the Honeymooners, Odd Couple and Twilight Zone marathons on TV.
Book of the Week
This week’s book will help us all prepare for 2025. I read this a while back, but between now, and, say, January 20th, seems to be a good time to reread this field guide to the folks who will be, um, representing us and ruining (did I say “ruining?” - I meant “running” - damn spell check) things for the time being.
Anyway - Happy Hanukkah, Merry Christmas, Excellent Kwanzaa, Superb Solstice, or Wonderful Winter Celebration of your choice!